.github/workflows/automatic-release.yml

name: Automatic Release
on:
  workflow_call:
    inputs:
      NPM_REGISTRY_DOMAIN:
        description: Domain of the private npm registry.
        default: https://npm.pkg.github.com/
        required: false
        type: string
    secrets:
      NPM_REGISTRY_TOKEN:
        description: Authentication for the private npm registry.
        required: false
      GITHUB_USER_EMAIL:
        description: Email address for the GitHub user configuration.
        required: false
      GITHUB_USER_NAME:
        description: Username for the GitHub user configuration.
        required: false
      GITHUB_USER_SSH_KEY:
        description: Private SSH key associated with the GitHub user for the token passed as `GITHUB_USER_TOKEN`.
        required: false
      GITHUB_USER_SSH_PUBLIC_KEY:
        description: Public SSH key associated with the GitHub user for the token passed as `GITHUB_USER_TOKEN`.
        required: false
      GITHUB_USER_TOKEN:
        description: Authentication token with write permission needed by the release bot (falls back to `GITHUB_TOKEN`).
        required: false

jobs:
  release:
    name: Release
    timeout-minutes: 5
    runs-on: ubuntu-latest
    env:
      HAS_CONFIG: false
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}
      GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.GITHUB_USER_SSH_PUBLIC_KEY }}
    steps:
      - name: Fetch semantic-release Node version
        uses: actions/checkout@v4
        with:
          repository: semantic-release/semantic-release
          sparse-checkout: |
            package.json
          sparse-checkout-cone-mode: false
          path: semantic-release-repo

      - name: Set up node
        uses: actions/setup-node@v4
        with:
          node-version-file: semantic-release-repo/package.json
          registry-url: ${{ inputs.NPM_REGISTRY_DOMAIN }}

      - name: Install dependencies
        run: |
          npm i -g @semantic-release/changelog \
            @semantic-release/git \
            @semantic-release/npm \
            @semantic-release/exec \
            semantic-release \
            conventional-changelog-conventionalcommits

      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false
          ssh-key: ${{ env.GITHUB_USER_SSH_KEY }}

      - name: Set up SSH
        if: ${{ env.GITHUB_USER_SSH_KEY != '' }}
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ env.GITHUB_USER_SSH_KEY }}

      - name: Set up signing commits
        if: ${{ env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
        run: |
          : # Create empty SSH private key file so Git does not complain.
          touch "${{ runner.temp }}/signingkey"
          echo "${{ env.GITHUB_USER_SSH_PUBLIC_KEY }}" > "${{ runner.temp }}/signingkey.pub"
          git config --global commit.gpgsign true
          git config --global gpg.format ssh
          git config --global user.signingkey "${{ runner.temp }}/signingkey.pub"

      - name: Check presence of release.config.js
        run: |
          HAS_CONFIG=$(test -f "release.config.js" && echo true || echo false)
          echo "Configuration file release.config.js found: $HAS_CONFIG"
          echo "HAS_CONFIG=$HAS_CONFIG" >> $GITHUB_ENV

      - name: Checkout the workflow repository if release.config.js file is not provided
        if: ${{ env.HAS_CONFIG == 'false' }}
        uses: actions/checkout@v4
        with:
          repository: inpsyde/reusable-workflows
          path: workflow-repo

      - name: Add and customize release.config.js file if not provided
        if: ${{ env.HAS_CONFIG == 'false' }}
        run: |
          cp ${GITHUB_WORKSPACE}/workflow-repo/templates/automatic-release/release.config.js .
          FILE=$(find . -maxdepth 1 -type f -name '*.php' -exec grep -l 'Plugin Name:' {} + | xargs -I{} basename {}) || true
          [ -n "$FILE" ] && sed "s/index\.php/$FILE/g" -i release.config.js || true

      - name: Remove the workflow repository
        if: ${{ env.HAS_CONFIG == 'false' }}
        run: |
          rm -rf workflow-repo

      - name: Set up release environment variables
        env:
          GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
          GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
        run: |
          ${{ env.GITHUB_USER_EMAIL != '' }} && echo "GIT_AUTHOR_EMAIL=${{ env.GITHUB_USER_EMAIL }}" >> $GITHUB_ENV || true
          ${{ env.GITHUB_USER_NAME != '' }} && echo "GIT_AUTHOR_NAME=${{ env.GITHUB_USER_NAME }}" >> $GITHUB_ENV || true
          ${{ env.GITHUB_USER_EMAIL != '' }} && echo "GIT_COMMITTER_EMAIL=${{ env.GITHUB_USER_EMAIL }}" >> $GITHUB_ENV || true
          ${{ env.GITHUB_USER_NAME != '' }} && echo "GIT_COMMITTER_NAME=${{ env.GITHUB_USER_NAME }}" >> $GITHUB_ENV || true

      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_USER_TOKEN != '' && secrets.GITHUB_USER_TOKEN || secrets.GITHUB_TOKEN }}
        run: npx semantic-release

      - name: Delete signing key files
        if: ${{ always() && env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
        run: |
          rm -f "${{ runner.temp }}/signingkey"
          rm -f "${{ runner.temp }}/signingkey.pub"